git.postgresql.org Git - postgresql.git/commitdiff

git projects / postgresql.git / commitdiff

Add pg_checkpointer predefined role for CHECKPOINT command.

author Jeff Davis <jdavis@postgresql.org>

Tue, 9 Nov 2021 18:59:08 +0000 (10:59 -0800)

committer Jeff Davis <jdavis@postgresql.org>

2021年11月10日 00:59:14 +0000 (16:59 -0800)

Any user with the privileges of pg_checkpointer can issue a CHECKPOINT
command.

Reviewed-by: Stephen Frost
Discussion: https://postgr.es/m/67a1d667e8ec228b5e07f232184c80348c5d93f4.camel%40j-davis.com

doc/src/sgml/ref/checkpoint.sgml patch | blob | blame | history

doc/src/sgml/user-manag.sgml patch | blob | blame | history

src/backend/tcop/utility.c patch | blob | blame | history

src/include/catalog/catversion.h patch | blob | blame | history

src/include/catalog/pg_authid.dat patch | blob | blame | history

diff --git a/doc/src/sgml/ref/checkpoint.sgml b/doc/src/sgml/ref/checkpoint.sgml

index 2afee6d7b59b55d7f2965aaeeb2acba08477b185..1cebc03d15e0c0852351bf36dc0c651ba52ed8ca 100644 (file)

--- a/doc/src/sgml/ref/checkpoint.sgml

+++ b/doc/src/sgml/ref/checkpoint.sgml

@@ -52,7 +52,9 @@ CHECKPOINT

</para>

<para>

- Only superusers can call <command>CHECKPOINT</command>.

+ Only superusers or users with the privileges of

+ the <link linkend="predefined-roles-table"><literal>pg_checkpointer</literal></link>

+ role can call <command>CHECKPOINT</command>.

</para>

</refsect1>

diff --git a/doc/src/sgml/user-manag.sgml b/doc/src/sgml/user-manag.sgml

index afbf67c28cfadbd4280890e240d58dd9e0d964d5..9067be1d9c7811d061ac87923e973ced73480f7c 100644 (file)

--- a/doc/src/sgml/user-manag.sgml

+++ b/doc/src/sgml/user-manag.sgml

@@ -582,6 +582,12 @@ DROP ROLE doomed_role;

<entry>Allow executing programs on the database server as the user the database runs as with

COPY and other functions which allow executing a server-side program.</entry>

</row>

+ <row>

+ <entry>pg_checkpointer</entry>

+ <entry>Allow executing

+ the <link linkend="sql-checkpoint"><command>CHECKPOINT</command></link>

+ command.</entry>

+ </row>

</tbody>

</tgroup>

</table>

diff --git a/src/backend/tcop/utility.c b/src/backend/tcop/utility.c

index bf085aa93b2055012a8adb9f34265c3f91e8133c..1fbc387d471a10cc61f33d65353647bc9ec069fa 100644 (file)

--- a/src/backend/tcop/utility.c

+++ b/src/backend/tcop/utility.c

@@ -24,6 +24,7 @@

#include "catalog/catalog.h"

#include "catalog/index.h"

#include "catalog/namespace.h"

+#include "catalog/pg_authid.h"

#include "catalog/pg_inherits.h"

#include "catalog/toasting.h"

#include "commands/alter.h"

@@ -939,10 +940,10 @@ standard_ProcessUtility(PlannedStmt *pstmt,

break;

case T_CheckPointStmt:

- if (!superuser())

+ if (!has_privs_of_role(GetUserId(), ROLE_PG_CHECKPOINTER))

ereport(ERROR,

(errcode(ERRCODE_INSUFFICIENT_PRIVILEGE),

- errmsg("must be superuser to do CHECKPOINT")));

+ errmsg("must be superuser or have privileges of pg_checkpointer to do CHECKPOINT")));

RequestCheckpoint(CHECKPOINT_IMMEDIATE | CHECKPOINT_WAIT |

(RecoveryInProgress() ? 0 : CHECKPOINT_FORCE));

diff --git a/src/include/catalog/catversion.h b/src/include/catalog/catversion.h

index 9faf017457adcacf47e664753a368a29edde09fc..49e8e5912907b862e460092c54cbf4820aa7c8d0 100644 (file)

--- a/src/include/catalog/catversion.h

+++ b/src/include/catalog/catversion.h

@@ -53,6 +53,6 @@

/* yyyymmddN */

-#define CATALOG_VERSION_NO 202110272

+#define CATALOG_VERSION_NO 202111091

#endif

diff --git a/src/include/catalog/pg_authid.dat b/src/include/catalog/pg_authid.dat

index 3da68016b61ea9e24572f51bfdb6a0f08b541645..9c65174f3c61a715362f72e9946b61e059be975b 100644 (file)

--- a/src/include/catalog/pg_authid.dat

+++ b/src/include/catalog/pg_authid.dat

@@ -79,5 +79,10 @@

rolcreaterole => 'f', rolcreatedb => 'f', rolcanlogin => 'f',

rolreplication => 'f', rolbypassrls => 'f', rolconnlimit => '-1',

rolpassword => '_null_', rolvaliduntil => '_null_' },

+{ oid => '4544', oid_symbol => 'ROLE_PG_CHECKPOINTER',

+ rolname => 'pg_checkpointer', rolsuper => 'f', rolinherit => 't',

+ rolcreaterole => 'f', rolcreatedb => 'f', rolcanlogin => 'f',

+ rolreplication => 'f', rolbypassrls => 'f', rolconnlimit => '-1',

+ rolpassword => '_null_', rolvaliduntil => '_null_' },

]

This is the main PostgreSQL git repository.

RSS Atom